NETWORK CONFIGURATION
Prepared by: Menna Hamza, Mohamad Hesham, Mona Abdel Mageed, Yasmine Shaker


AGENDA
o OPS
o NetConfig Work Group
o NetConfig Protocol
o XML Detour
o Definitions
o Protocol Layers
o Protocol Main Scenario
o Basic Operations
o Filters Example
o Partial Lock RPC
o With Default Capability
o TLS

OPERATIONS AND MANAGEMENT AREA
Area workgroups, examples:
o Adslmib: ADSL MIB
o Capwap: Control And Provisioning of Wireless Access Points
o Bmwg: Benchmarking Methodology
o Dime: Diameter Maintenance and Extensions
o Netconf: Network Configuration

NETCONF WORKING GROUP
The NETCONF Working Group is chartered to produce a protocol suitable for network configuration. Required characteristics include:
o Differentiate between configuration data and non-configuration data.
o Extensible.
o Integration with user authentication methods.
o Integration with configuration database systems.
o Wide configuration transactions with features such as locking and rollback capability.

NETCONFIG PROTOCOL
o The protocol provides a mechanism to transfer and manipulate configuration data in a network device.
o It uses an Extensible Markup Language (XML)-based data encoding for the configuration data and the protocol messages.
o The NETCONF protocol operations are realized on top of a simple Remote Procedure Call (RPC) layer.

XML DETOUR
o XML
o Why XML?
o XSD and Schemas
o XPath
o XML Node
o XML Sub Tree
o Example

XML EXAMPLE
root superuser Charlie Root 1
Value of XPath (top/users/user/name)

DEFINITIONS
o Application / client
o Server / Device
o Data Store / Configuration file
o Capabilities

PROTOCOL LAYERS
o Content: Configuration Data, Status Data?
o Operation: …..
o RPC
o Transport Protocol: SSL, SSH, BEEP, console

o A way for both client and server to announce their existence.
o It also serves as an announcement of the session ID as well as the supported features.
o An extensible protocol means that there is no guarantee that the server and client support the same set of features.
o The base capability must be supported.
o How to handle different sets of features?

SERVE ME
o The client sends the needed requests, using the advertised capabilities, to the server.
o The server processes the requests on a FIFO basis (pipeline).
o The server sends the required data / request status to the client.
o How to associate a request with a reply?
o The client closes the session, or the server terminates the session due to timeout.

RPC FOR LIFE
o Client requests are RPC calls.
o The data store is conceptually a list of XML namespaces.
o The RPC manipulates these XML namespaces.
o Changes to the XML namespaces are mapped by the device to actual changes in its internal configuration (registers, etc.).
o The server reply contains the requested XML data, errors, warnings and, optionally, execution success feedback.

BASIC OPERATIONS
o Get: get, get-config
o Manipulate: edit-config, copy-config, delete-config
o Parallel access control: lock, unlock
o End session: close-session, kill-session

RPC BLOCKS

FILTERS
o What's a filter
o Using a filter
o Demo

<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> root

<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> root superuser Charlie Root 1
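The filter demo and the "how to associate a request with a reply" question, as an added Python example that is not part of the original slides: a client builds a get-config RPC with a subtree filter on top/users/user/name, a toy server answers it, and the client checks that the reply carries the same message-id. The config namespace, the element name `type` and the second user `fred` are constructed for illustration.

```python
import copy
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
CFG = "http://example.com/schema/1.2/config"  # constructed config namespace

# Constructed running datastore: two users under top/users.
DATASTORE = ET.fromstring(f"""<top xmlns="{CFG}"><users>
  <user><name>root</name><type>superuser</type></user>
  <user><name>fred</name><type>admin</type></user>
</users></top>""")

def build_get_config(message_id, user_name):
    """Client: <get-config> on <running>, subtree filter top/users/user/name."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    op = ET.SubElement(rpc, f"{{{NC}}}get-config")
    ET.SubElement(ET.SubElement(op, f"{{{NC}}}source"), f"{{{NC}}}running")
    node = ET.SubElement(op, f"{{{NC}}}filter", {"type": "subtree"})
    for tag in ("top", "users", "user", "name"):
        node = ET.SubElement(node, f"{{{CFG}}}{tag}")
    node.text = user_name  # content match: select the user with this name
    return ET.tostring(rpc)

def serve(rpc_bytes):
    """Toy server: apply the filter and copy message-id into <rpc-reply>."""
    rpc = ET.fromstring(rpc_bytes)
    wanted = rpc.findtext(f".//{{{CFG}}}name")
    reply = ET.Element(f"{{{NC}}}rpc-reply", {"message-id": rpc.get("message-id")})
    users = ET.SubElement(reply, f"{{{NC}}}data")
    for tag in ("top", "users"):
        users = ET.SubElement(users, f"{{{CFG}}}{tag}")
    for user in DATASTORE.iter(f"{{{CFG}}}user"):
        if user.findtext(f"{{{CFG}}}name") == wanted:
            users.append(copy.deepcopy(user))
    return ET.tostring(reply)

def query(message_id, user_name):
    """Send one request; return (reply message-id, matching user records)."""
    reply = ET.fromstring(serve(build_get_config(message_id, user_name)))
    if reply.get("message-id") != message_id:
        raise ValueError("reply does not belong to this request")
    return reply.get("message-id"), [
        {leaf.tag.split("}")[1]: leaf.text for leaf in user}
        for user in reply.iter(f"{{{CFG}}}user")]
```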

EXTENDED CAPABILITIES CASE STUDIES
o Partial lock
o With default Capabilities

PARTIAL LOCK RPC
o Describes the lock and unlock operations on parts of configuration data stores using XPath filtering mechanisms
o Definition of Terms
  o Scope of the lock
  o Protected area

PARTIAL LOCKING CAPABILITY
o Usage Scenarios
  o Multiple managers with overlapping sections
  o Multiple managers, distinct management areas
o New Operations

o Locking a node protects the node itself and the complete sub-tree under the node.
o The XPath expressions are evaluated only once, at lock time.
o A NETCONF server that supports partial locking MUST be able to grant multiple simultaneous partial locks to a single NETCONF session.
o Failure
  o Global lock
  o Already locked
  o User does not have access rights

(CTD.)
o RPC Call
  o Parameters: Filter (Lock), ID (Unlock)
  o Deadlock Avoidance
o RPC Reply
  o Positive (Lock ID in case of lock)
  o Negative
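The partial-lock rules from the slides above, as an added Python model that is not part of the original presentation: sub-tree protection, select expressions evaluated once at lock time, several locks per session, and the three failure cases. Glob patterns over path strings stand in for XPath, and the class, method and session names are hypothetical.

```python
from fnmatch import fnmatchcase

def _under(path, root):
    """True when path is root itself or lies in root's sub-tree."""
    return path == root or path.startswith(root + "/")

class PartialLockServer:
    """Toy lock table; glob patterns over paths stand in for XPath selects."""
    def __init__(self, nodes, rights):
        self.nodes = set(nodes)      # constructed datastore node paths
        self.rights = rights         # session -> sub-trees it may lock
        self.global_lock_holder = None
        self.locks = {}              # lock-id -> (session, locked root nodes)
        self._next_id = 1

    def owner_of(self, path):
        """Session whose lock protects path (a locked node or its sub-tree)."""
        for session, roots in self.locks.values():
            if any(_under(path, r) for r in roots):
                return session
        return None

    def partial_lock(self, session, selects):
        if self.global_lock_holder is not None:
            return ("error", "global lock")
        # Evaluated once: only nodes that exist right now enter the lock.
        roots = {n for n in self.nodes for s in selects if fnmatchcase(n, s)}
        if not roots:
            return ("error", "nothing selected")
        allowed = self.rights.get(session, [])
        if not all(any(_under(r, p) for p in allowed) for r in roots):
            return ("error", "access denied")
        for other, held in self.locks.values():
            if other != session and any(
                    _under(r, h) or _under(h, r) for r in roots for h in held):
                return ("error", "already locked")
        lock_id, self._next_id = self._next_id, self._next_id + 1
        self.locks[lock_id] = (session, roots)
        return ("ok", lock_id)

    def partial_unlock(self, session, lock_id):
        if self.locks.get(lock_id, (None,))[0] != session:
            return ("error", "unknown lock-id")
        del self.locks[lock_id]
        return ("ok", None)
```

Because the select is resolved only once, a node created after the lock was granted is not protected by it, so a manager that relies on the lock has to re-lock after adding nodes.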

WITH DEFAULT CAPABILITY
o It's just a new XML child element added to the method-name element.
o Part of the configuration data is not set by the NETCONF client; a default value is used instead.
o Sometimes the NETCONF client has prior knowledge of this default data, so the NETCONF server does not need to send it to the client.
o In other situations the NETCONF client needs this data, so it must be sent in the NETCONF messages.

REPORTING MODES
o report-all: All default data is always reported.
o trim: Values are not reported if they match the default.
o explicit: Default data is not reported except explicitly set default data.
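The three reporting modes applied to one interface, as an added Python example that is not part of the original slides. The leaf names, the schema defaults and the `set_by_client` flag are constructed for illustration; the case to watch is `mtu`, which a client set explicitly to the default value.

```python
# Constructed schema defaults for one interface (assumption, not from the slides).
SCHEMA_DEFAULTS = {"mtu": 1500, "enabled": True}

# Constructed datastore: each leaf keeps its value and whether a client set it.
INTERFACE = {
    "name":        {"value": "eth0",   "set_by_client": True},
    "mtu":         {"value": 1500,     "set_by_client": True},   # set explicitly to the default
    "enabled":     {"value": True,     "set_by_client": False},  # never set; default in use
    "description": {"value": "uplink", "set_by_client": True},
}

def report(mode, leaves=INTERFACE, defaults=SCHEMA_DEFAULTS):
    """Return the leaves a server would report under the given mode."""
    reported = {}
    for leaf, node in leaves.items():
        equals_default = leaf in defaults and node["value"] == defaults[leaf]
        if mode == "report-all":
            keep = True                      # every leaf, defaults included
        elif mode == "trim":
            keep = not equals_default        # drop anything equal to the default
        elif mode == "explicit":
            keep = node["set_by_client"]     # drop only defaults nobody set
        else:
            raise ValueError(f"unknown with-defaults mode: {mode}")
        if keep:
            reported[leaf] = node["value"]
    return reported

def hidden_from_client(mode):
    """Leaves the client must fill in from its own knowledge of the defaults."""
    return sorted(set(INTERFACE) - set(report(mode)))
```

A tool that compares retrieved configurations has to know which mode produced them: the same datastore yields three different documents.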

NETCONF OVER TLS
o Configuration exchange must be secure.
o TLS provides support for certificate-based mutual authentication.
o TLS is application-protocol-independent.
o How can NETCONF be used within a TLS session?

NETCONF OVER TLS
o Connection Initiation
  o ClientHello message
  o Handshake
  o Start Exchange XML
o Connection Closure
o Agent (NETCONF) / Server (TLS)
o Manager (NETCONF) / Client (TLS)

NETCONF OVER TLS
Endpoint Authentication and Identification
o Server Identity
  1. The server hostname.
  2. Matching is case-insensitive.
  3. A "*" wildcard character.
  4. Multiple names are acceptable.
o Client Identity
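The four server-identity rules as a check a manager could run on the names in the agent's certificate, added here as a Python example that is not part of the original slides. It assumes the wildcard covers a single domain name component or a fragment of one and never spans a dot (the RFC 2818 style rule); the function names are hypothetical.

```python
import re

def _label_matches(pattern_label, host_label):
    """Match one DNS label; '*' stands for any run of characters inside it."""
    regex = ".*".join(re.escape(part) for part in pattern_label.split("*"))
    return re.fullmatch(regex, host_label) is not None

def name_matches(cert_name, hostname):
    """Case-insensitive match; a wildcard never crosses a '.' boundary."""
    pattern = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    # Same number of labels on both sides, and no empty label in the hostname.
    if len(pattern) != len(host) or not all(host):
        return False
    return all(_label_matches(p, h) for p, h in zip(pattern, host))

def matched_name(hostname, cert_names):
    """Return the first certificate name that matches, or None (useful for logs)."""
    for name in cert_names:
        if name_matches(name, hostname):
            return name
    return None

def server_identity_ok(hostname, cert_names):
    """Multiple names are acceptable: one match is enough."""
    return matched_name(hostname, cert_names) is not None
```

The hostname passed in must be the one the manager was configured to connect to, not a name learned from the peer, otherwise the check proves nothing.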

QUESTIONS

CONTACTS
Group Mail : Menna Hamza: Mohamad Hesham : Mona AbdelMageed : Yasmine Shaker :